Am 22.09.2011 21:54, schrieb Jon Detert:
Hello,
I have cas v3.4.2 running under tomcat, and 4 different clients:
1) CasClient v? (files in war file time-stamped 12 Nov 2004);
2) apache mod_auth_cas
3) php CAS v1.2.1
4) CasClient v3.1.8
When I login via any 1 of them, the others are 'single-signed-on', which is
what we want and expect.
When I logout of the application protected by CasClient ~Nov 2004, the apache
mod_auth_cas-protected sites are also effectively logged out automagically, but
the sites protected by CasClientv3 and phpCas are not. Any ideas why not?
The reverse scenario is true as well:
When I logout of the CasClientv3 protected site (which simply does an http GET
of my-cas-server.example.com/cas/logout), the apache mod_auth_cas-protected
sites are also effectively logged out automagically, but the sites protected by
CasClient 2004 and phpCas are not. Any ideas why not?
I think mod_auth_cas has single sign out enabled by default while both
the java and php clients do not. For phpCAS you have to enable the
single logout capabilities [1]
A similar setting is needed for the java client [2]
Another issues could be around ssl certificates if you are on an https
site and you have an invalid (self signed?) certificate. The cas server
wont talk to servers with invalid/unknown certifcates (not trusted by
the java keystore).
Regards,
Joachim
[1]http://wiki.jasig.org/display/CASC/phpCAS+examples#phpCASexamples-HandlelogoutrequestsfromtheCASserver
[2]https://wiki.jasig.org/display/CASC/Configuring+Single+Sign+Out
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
